Francesco Emanuel Bennici

**Name of the Vulnerable Software and Affected Versions** Old Street Live Input Macros app versions prior to 2.11 for Confluence **Description** The issue concerns the Live:Text Box macro in the Old Street Live Input Macros app, which has a cross-site scripting (XSS) problem. This can lead to the theft of the Administrator Session Cookie. **Recommendations** For versions prior to 2.11, update to version 2.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Confluence Server versions prior to 1.5.0 **Description** The issue allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element. **Recommendations** For Confluence Server versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue.